From ff1b7353474cec31bced8c545378933dcbe59b3d Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Sun, 17 May 2026 04:05:06 +0000
Subject: [PATCH] fix: V-001 security vulnerability Automated security fix generated by Orbis Security AI
Signed-off-by: orbisai0security
---
 extras/memory/src/unity_memory.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/extras/memory/src/unity_memory.c b/extras/memory/src/unity_memory.c
index c71f77f84..d4da83f2d 100644
--- a/extras/memory/src/unity_memory.c
+++ b/extras/memory/src/unity_memory.c
@@ -81,6 +81,8 @@ void* unity_malloc(size_t size)
 }
 if (size == 0) return NULL;
+ if (size > (size_t)(-1) - sizeof(Guard) - sizeof(end) - (UNITY_MALLOC_ALIGNMENT - 1))
+ return NULL;
 #ifdef UNITY_EXCLUDE_STDLIB_MALLOC
 if (heap_index + total_size > UNITY_INTERNAL_HEAP_SIZE_BYTES)
 {
@@ -197,7 +199,7 @@ void* unity_realloc(void* oldMem, size_t size)
 #endif
 newMem = unity_malloc(size);
 if (newMem == NULL) return NULL; /* Do not release old memory */
- memcpy(newMem, oldMem, guard->size);
+ memcpy(newMem, oldMem, guard->size < size ? guard->size : size);
 release_memory(oldMem);
 return newMem;
 }
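Review bot: The context line just below the added guard, `if (heap_index + total_size > UNITY_INTERNAL_HEAP_SIZE_BYTES)`, can still wrap, because the guard only keeps `size` plus its overhead below the `size_t` maximum and a near-maximum `total_size` added to a non-zero `heap_index` may overflow to a small value that passes the bound. Assuming `heap_index` is unsigned and never exceeds the heap size, comparing against the remaining space removes the addition: `if (total_size > UNITY_INTERNAL_HEAP_SIZE_BYTES - heap_index)`. `total_size` is computed outside this hunk, so confirm it is built from exactly the terms the guard subtracts. A comment above the guard, e.g. `/* reject sizes whose guard and alignment overhead would wrap size_t */`, would record why it is there.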
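Review bot: The clamped `memcpy` length in `unity_realloc` needs a comment naming the case it protects, since nothing in this hunk shows `size` being smaller than `guard->size` at this point. The start of the function is outside the hunk; if it already returns early when the old block is large enough, the ternary never selects `size` and the change is defensive only. A line such as `/* copy no more than the new block can hold */` above the call would record the intent. The diffstat shows only `unity_memory.c` changing, so a regression test that shrinks a block through `unity_realloc` and one that requests a near-maximum size from `unity_malloc` would be worth adding with this patch.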